Browser security : a requirements-based approach

A browser is a convenient way to access resources located remotely on computer networks. Security in browsers has become a crucial issue for users who use them for sensitive applications without knowledge ofthe hazards. This research utilises a structure approach to analyse and propose enhancements to browser security. Standard evaluation for computer products is important as it helps users to ensure that the product they use is appropriate for their needs. Security in browsers, therefore, has been evaluated using the Common Criteria. The outcome of this was a security requirements profile which attempts to formalise the security needs of browsers. The information collected during the research was used to produce a prototype model for a secure browser program. Modifications to the Lynx browser were made to demonstrate the proposed enhancements.

The emotional geography of a mine closure: a study of the Ravensthorpe nickel mine in Western Australia

This paper engages with the literature on emotional geographies to report on a case study of the emotions surrounding the closure of a nickel mine in the shire of Ravensthorpe in the south-west of Western Australia in January 2009. Two themes from the affect-infused narratives of pre- and post-mine community members are outlined. The first, which challenges constructions of the closure as a purely industrial and economic concern, focuses on the intense feelings the shut-down invoked amongst participants. The second theme explores the way in which the owner of the mine, BHP Billiton, worked to suppress and regulate affective reactions to the closure and thus reveals the highly political nature of emotions.

Integrating information security policy management with corporate risk management for strategic alignment

Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.

Requirements for enhancing trust, security and integrity of GNSS location services

The paper describes a number of requirements for enhancing the trust of location acquisition from Satellite Navigation Systems, particularly for those applications where the location is monitored through a remote GNSS receiver. We discuss how the trust of a location acquisition could be propagated to an application through the use of a proposed tamper-­resistant GNSS receiver which quantifies the trust of a location solution from the signaling used (ie. P(Y) code, Galileo SOL, PRS, CS) and provides a cryptographic proof of this to a remote application. The tamper­-resistance state of the receiver is also included in this cryptographic proof.

Automatic generation of assertions to detect potential security vulnerabilities in C programs that use union and pointer types

Type unions, pointer variables and function pointers are a long standing source of subtle security bugs in C program code. Their use can lead to hard-to-diagnose crashes or exploitable vulnerabilities that allow an attacker to attain privileged access over classified data. This paper describes an automatable framework for detecting such weaknesses in C programs statically, where possible, and for generating assertions that will detect them dynamically, in other cases. Exclusively based on analysis of the source code, it identifies required assertions using a type inference system supported by a custom made symbol table. In our preliminary findings, our type system was able to infer the correct type of unions in different scopes, without manual code annotations or rewriting. Whenever an evaluation is not possible or is difficult to resolve, appropriate runtime assertions are formed and inserted into the source code. The approach is demonstrated via a prototype C analysis tool.

Reinforcing bad behaviour : the misuse of security indicators on popular websites

Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.

Security metrics for object-oriented designs

Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.

Assessing the impact of refactoring on security-critical object-oriented designs

Refactoring focuses on improving the reusability, maintainability and performance of programs. However, the impact of refactoring on the security of a given program has received little attention. In this work, we focus on the design of object-oriented applications and use metrics to assess the impact of a number of standard refactoring rules on their security by evaluating the metrics before and after refactoring. This assessment tells us which refactoring steps can increase the security level of a given program from the point of view of potential information flow, allowing application designers to improve their system’s security at an early stage.

Out of touch? On the lack of emotional support over the mobile phone

Findings from an Australian case study of adult women expose general, light and basic use of mobile phones. Participants used their mobile phone mainly for coordination and to a lesser extent for practicing intrinsic interactions motivated by emotional support purposes. This paper focuses on social and emotional support over the mobile phone. Though crucial to individuals, emotional support seems to be a neglected area of research among mobile communication studies, all the more so when focusing on adult women. This study addresses this literature gap. The empirical findings are based on a case study of 26 women over 35 years of age residing in one coastal Australian town. The research design included a combination of quantitative and qualitative methods. This paper examines the communication methods adult women use for social and emotional support, and analyses reasons and social implications of this limited intrinsic communication use pattern over the mobile phone.

Empathy, neutrality and emotional intelligence: a balancing act for the emotional Einstein

Emotions play a central role in mediation as they help to define the scope and direction of a conflict. When a party to mediation expresses (and hence entrusts) their emotions to those present in a mediation, a mediator must do more than simply listen - they must attend to these emotions. Mediator empathy is an essential skill for communicating to a party that their feelings have been heard and understood, but it can lead mediators into trouble. Whilst there might exist a theoretical divide between the notions of empathy and sympathy, the very best characteristics of mediators (caring and compassionate nature) may see empathy and sympathy merge - resulting in challenges to mediator neutrality. This article first outlines the semantic difference between empathy and sympathy and the role that intrapsychic conflict can play in the convergence of these behavioural phenomena. It then defines emotional intelligence in the context of a mediation, suggesting that only the most emotionally intelligent mediators are able to emotionally connect with the parties, but maintain an impression of impartiality – the quality of remaining ‘attached yet detached’ to the process. It is argued that these emotionally intelligent mediators have the common qualities of strong self-awareness and emotional self-regulation.

The role of emotional intelligence in moral judgement

In this study we investigated the potential role of emotional intelligence (EI) in moral reasoning (MR). A sample of 131 undergraduate students completed a battery of psychological tests, which included measures of EI, MR and the Big Five dimensions of personality. Results revealed support for a proposed model of the relationship between emotional intelligence, personality and moral reasoning. Specifically, emotional intelligence was found to be a significant predictor of four of the Big Five personality dimensions (extraversion, openness, neuroticism, agreeableness), which in turn were significant predictors of moral reasoning. These results have important implications in regards to our current understanding of the relationships between EI, moral reasoning and personality. We emphasise the need to incorporate the constructs of EI and moral reasoning into a broader, explanatory personality framework.